6.5.1.1 The Native Authentication Plugin

MySQL includes two plugins that implement native authentication;
that is, authentication against passwords stored in the
Password column of the
mysql.user table. This section describes
mysql_native_password, which implements
authentication against the mysql.user table
using the native password hashing method. For information about
mysql_old_password, which implements
authentication using the older (pre-4.1) password hashing
method, see Section 6.5.1.2, “The Old Native Authentication Plugin”.
For information about these password hashing methods, see
Section 6.1.2.4, “Password Hashing in MySQL”.

The mysql_native_password native
authentication plugin is backward compatible. Clients older than
MySQL 5.5.7 do not support authentication
plugins but do use the native
authentication protocol, so they can
connect to servers from MySQL 5.5.7 and up.

The following table shows the plugin names on the server and
client sides.

Table 6.9 MySQL Native Password Authentication Plugin

Server-side plugin name

mysql_native_password

Client-side plugin name

mysql_native_password

Library file name

None (plugins are built in)

The plugin exists in both client and server form:

The server-side plugin is built into the server, need not be
loaded explicitly, and cannot be disabled by unloading it.

The client-side plugin is built into the
libmysqlclient client library as of MySQL
5.5.7 and available to any program linked against
libmysqlclient from that version or
higher.

MySQL client programs use
mysql_native_password by default. The
--default-auth option can be
used as a hint about which client-side plugin the program
can expect to use:

shell> mysql --default-auth=mysql_native_password ...

If an account row specifies no plugin name, the server
authenticates the account using either the
mysql_native_password or
mysql_old_password plugin, depending on
whether the password hash value in the
Password column used native hashing or the
older pre-4.1 hashing method. Clients must match the password in
the Password column of the account row.